Websploit Cloudflare Resolver module

In this tutorial we will be testing and using the Cloudflare resolver module in Websploit on Kali Linux. Cloudflare is a company that provides a content delivery network and distributed DNS (Domain Name Server) services, sitting between the visitor and the hosting provider of the Cloudflare user. This way Cloudflare is acting as a reverse proxy for websites and claims to protect, speed up, optimize and improve availability for a website. Cloudflare also provides advanced DDOS protection for a website, including those targeting UDP and ICMP protocols. Cloudflare claims to protect more than 2 million website at the time of writing. The Websploit Cloudflare Resolver module claims to resolve the original IP address of the server protected by Cloudflare.

Websploit Cloudflare Resolver Tutorial

Open a terminal and start websploit with the following command:

websploit

Use the following command to show an overview of available modules from which we will select the Websplout Cloudflare Resolver module:

show modules

Use the following command to set the cloudflare_resolver module so we can configure it’s parameters:

use web/cloudflare_resolver

Type the following command to show the available options for the Websploit Cloudflare Resolver module:

show options

We need to specify a hostname as target:

We will use the following command to set a target:

set target [hostname]

Now type the Run command to run the Websploit Cloudflare Resolver module against the specified target.

Hackingtutorials.org is not using Cloudflare so it will display the webserver’s real IP address. I tried this module on a couple websites using Cloudflare and it returns the Cloudflare IP address mostly. This module does return the IP addresses for sub-domains and sometimes this gives you useful information and non Cloudflare IP addresses but this could also be done by a simple ping on subdomains.

Websploit Cloudflare Resolver Video Tutorial

Thanks for watching and please subscribe to my YouTube channel for more hacking tutorials :)